Page 13 - The Pulse Issue 8 070218
GDPR: Where to Start?
Overview
The General Data Protection Regulation (GDPR) will be replacing the Data Protection Act on the 25th May 2018.
The new regulation comprises a set of principles and strict guidelines which govern the way data is collected, stored and used.
These changes will impact every area of your business, so it is imperative that you get up to speed quickly. In the coming weeks, Ingard will be introducing new policies and procedures to protect your business from the EU’s hefty fines, up to 4% of annual turnover or 20m Euro, whichever is higher, for any business that falls foul of the new regulation.
To fully get to grips with the new rules surrounding data protection, please ensure you visit the Information Commissioner’s Office (ICO) webpages on data protection reform - https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr
The ICO will act as a lead supervisory authority for the GDPR.

Start an Action Plan
Once you have read the ICO’s guide on GDPR and familiarised yourself with the core principles, wait for Ingard to release the new procedures which they will be implementing in the coming weeks to keep your business compliant.
Use the information Ingard will be releasing to create an action plan which reviews areas, such as: -
Client information only being stored in a secure CRM, documents cannot be saved to your desktop and any printed documents must also be stored securely and shredded within a set timeframe.
Review what information you hold for each client and ensure it is correctly documented and stored. Subject Access Requests (SARs) are expected to become a problem for Mortgage Brokers when GDPR launches due to increased awareness of the new regulation in the press. Due to the volume of information collected on every mortgage application, the customer will need to be responded to with a detailed report on all of the information held. Don’t panic - Ingard will be offering guidance on what is expected.
Clients opting in to marketing by telephone, email, SMS etc – this will need to be documented with a clear audit trail. Opt-in consent cannot be included in other terms and conditions or pre-selected on data capture forms. Every customer will need to have confirmed that they agree to receiving future communications from you by 25th May 2018 if a consent audit trail doesn’t currently exist.

Don’t Leave It Until the Last Minute
There are going to be a lot of changes ahead, so start today by familiarising yourself with the new regulation and adopting each new process as Ingard releases them.
If you adopt the new processes now and get your existing client database up-to-date, then it will save you from having a meltdown in a few months’ time! If you are Directly Authorised and would like some guidance, then contact our Broker Support Team on 01702 533 400 or email info@ingard.co.uk

GDPR Quiz
1 When will GDPR come into force?
a) 15 February 2018 b) 25 May 2018 c) 20 June 2018

2 Which one of these principles is not part of data protection under the GDPR?
a) Accountability b) Storage Limitation c) Data Optimisation

3 Can consent requests be included in other terms and conditions?
a) Yes b) No

4 Which one of these would not be considered a personal data breach under the GDPR?
a) Sending personal data to an incorrect recipient b) Access by an unauthorised third party c) Accessing data on a secure CRM system

5 What is the largest fine a firm can receive for a GDPR breach?
a) 4% of annual turnover or 20m Euro, whichever is higher
b) 2.5% of annual turnover or 12m Euro, whichever is higher
c) 1% or 4m Euro, whichever is higher

6 What is the maximum length of time a firm can respond to a data request?
a) 40 calendar days b) 30 days c) 30 calendar days

6. b 5. a 4. c 3. b 2. c 1. b

